A Beginner's Introduction to Network Security
By: Jeff McClure and Katharine McCoy
Tuesday, October 2nd, 2001
Lately, the word "security" has been tossed around a lot in the news, IRC channels and elsewhere in the community. It seems that there's no end to viruses and script kiddies out there just waiting to get through the security on your network and damage something, or use your network to help with the latest denial-of-service attack. When someone breaks into your network, it is not only an inconvenience to you but also a potential problem for others in the Internet community. What? You said you don't have security on your network? Gasp! Well, that's what we're here to talk about. We're going to share some reasons why you want security on your box, along with a few pointers on how to secure your network. We're not going to go into great detail (that's for later articles). Our aim is to make you more aware of why you need to secure your network and then point you in the right direction.
Some Helpful Definitions
Before we get into the thick of this discussion, let's start off by providing some simplified
explanations for a few terms that will be used in the article. If you're familiar with these terms
already, just skip ahead.
ports (port numbers)
In general, when one computer connects to another across a network to use a resource (or
service) such as a web server, it needs two major pieces of information: the IP address of the
server computer and the port number on which the service runs. A computer with a single IP
address can be running any number of these services (web, FTP, Telnet, etc.). The port number
decides which service will be contacted. You can use these port numbers to help control access
to your computer.
port scan
A port scan is a technique used by would-be crackers to determine a computer's vulnerabilities.
It's called a port scan because it involves attempting to connect to a range of different port
numbers on the same computer. Depending on the results, the attacker can learn more about a
computer and what methods he can use to attack it.
firewall
A firewall is software or hardware which stands between an "external" network and an "internal"
network (or a single "internal" computer). Its job is to control the flow of network traffic between
these two networks. It does so by looking at information contained in each network packet
(including IP address and port number) and deciding what action(s) to take. Common actions
include passing the packet to the other network, refusing the packet (and sending a refusal
response to the sender), dropping the packet with no response, and noting the packet in a log file.
vulnerability
When talking about networked computers, the term vulnerability often surfaces. When used in
this sense, a vulnerability is a means by which the security of a system (usually its
software) might be breached. Vulnerabilities can go unnoticed for long periods of time, and the
existence of a vulnerability does not necessarily imply the existence of a working exploit of that
vulnerability.
exploit
An exploit (in our context) is a known way to take advantage of a vulnerability in a networked
system (again, usually its software).
network security
Network security is the type of security we are covering in this article. It means security
measures designed to protect against attacks which originate from the network.
internal security
Quite a different security concept is internal security. This type of security involves protecting a
computer against attacks which originate from the computer itself (often initiated by one of its
users). This is an important aspect of security (it can help protect your computer if network
security fails), but it's not the focus of this article.
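
The firewall definition above, as an added example (not part of the original article): a small Python packet filter that checks each packet's source IP address and destination port against a rule list and returns pass, refuse or drop, noting the packet in a log where a rule asks for it. The rule set, the addresses (documentation ranges) and the first-match-wins ordering are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "pass", "refuse" or "drop"
    source: str            # CIDR block the packet's source address must be in
    port: Optional[int]    # destination port, or None for any port
    log: bool = False      # also note the packet in the log

# Constructed rule set: web is open to everyone, Telnet only to the
# "internal" network 192.0.2.0/24; everything else is dropped silently.
RULES = [
    Rule("pass",   "0.0.0.0/0",    80),
    Rule("pass",   "192.0.2.0/24", 23),
    Rule("refuse", "0.0.0.0/0",    23, log=True),
    Rule("drop",   "0.0.0.0/0",    None, log=True),
]

def decide(src_ip, dst_port, rules=RULES, log=None):
    """Return the action of the first rule that matches the packet."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if addr not in ipaddress.ip_network(rule.source):
            continue                      # source address does not match
        if rule.port is not None and rule.port != dst_port:
            continue                      # port does not match
        if rule.log and log is not None:
            log.append(f"{rule.action} {src_ip} -> port {dst_port}")
        return rule.action
    return "drop"                         # no rule matched: fail closed

if __name__ == "__main__":
    log = []
    packets = [("203.0.113.9", 80), ("192.0.2.15", 23),
               ("203.0.113.9", 23), ("203.0.113.9", 21)]
    for src, port in packets:
        print(src, port, decide(src, port, log=log))
    print(log)
```

Rule order matters here: the internal Telnet rule must come before the general Telnet refusal, or internal users would be refused as well.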